jowj/chd
1
0
Fork 0
Code Pull Requests Releases Activity

Break out whole job into pre/post os specific tasks.

Browse Source 
- this isn't complete yet
- will have a lot of refactoring to do when i'm done.
This commit is contained in:
jowj 2019-10-24 17:02:09 -05:00
parent c03852205c
commit 2518af19bb
6 changed files with 178 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
deployments/serverBuild/wg_vpn/tasks/posttasks_arch.yml Normal file
View File

@ -0,0 +1,22 @@
- hosts: vpn
remote_user: josiah
gather_facts: false
become: yes
tasks:
- name: (local) fill out the rest of the wg0.conf file
blockinfile:
path: /etc/wireguard/wg0.conf
block: |
Address = 10.200.219.2/32, fd86:ea04:1115::2/128
DNS = 1.1.1.1
[Peer]
PublicKey = {{ server_publickey.stdout }}
Endpoint = vpn.awful.club:51820
AllowedIPs = 0.0.0.0/0
delegate_to: localhost
- name: (local) bring wg up on local
shell: wg-quick up wg0
delegate_to: localhost

21
deployments/serverBuild/wg_vpn/tasks/posttasks_debian.yml Normal file
View File

@ -0,0 +1,21 @@
- hosts: vpn
remote_user: josiah
gather_facts: false
become: yes
tasks:
- name: fill out the rest of the wg0.conf file
blockinfile:
path: /etc/wireguard/wg0.conf
block: |
Address = 10.200.219.1/24
Address = fd86:ea04:1115::1/64
ListenPort = 51820
SaveConfig = true
[Peer]
# name = luggable-laptop
PublicKey = {{ arch_publickey.stdout }}
AllowedIPs = 10.200.219.2/32, fd86:ea04:1115::2/128
- name: bring wg up on the relay node
shell: wg-quick up /etc/wireguard/wg0.conf

20
deployments/serverBuild/wg_vpn/tasks/posttasks_mac.yml Normal file
View File

@ -0,0 +1,20 @@
- hosts: localhost
connection: local
gather_facts: false
tasks:
- name: (local) fill out the rest of the wg0.conf file
blockinfile:
path: ~/wireguard//wg0.conf
block: |
Address = 10.200.219.19/32, fd86:ea04:1115::19/128
DNS = 1.1.1.1
[Peer]
PublicKey = {{ server_publickey.stdout }}
Endpoint = vpn.awful.club:51820
AllowedIPs = 0.0.0.0/0
- name: (local) bring wg up on local
shell: wg-quick up wg0

37
deployments/serverBuild/wg_vpn/tasks/pretasks_arch.yml Normal file
View File

@ -0,0 +1,37 @@
---
# tasks file for wg_vpn
# this is useful for running plays /from/ an arch machine that will join the wg net.
# install wg, generate keys, files on local machine
- hosts: vpn
remote_user: josiah
gather_facts: false
become: yes
tasks:
- name: (local) install wg (i use) arch (btw)
pacman:
update_cache: yes
name: wireguard-tools, wireguard-arch
state: present
delegate_to: localhost
- name: (local) ensure /etc/wireguard/ exists
file:
path: /etc/wireguard/
state: directory
delegate_to: localhost
- name: (local) Generate keys
shell: |
printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
vars:
umask: "077"
delegate_to: localhost
- name: (local) register publickey for later use
shell: cat /etc/wireguard/publickey
register: arch_publickey
delegate_to: localhost

53
deployments/serverBuild/wg_vpn/tasks/pretasks_debian.yml Normal file
View File

@ -0,0 +1,53 @@
- hosts: vpn
remote_user: josiah
gather_facts: false
become: yes
tasks:
- name: add unstable to repos
shell: |
echo "deb http://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
- name: Update aptitude
apt: update_cache=yes
- name: install wireguard
apt: name=wireguard state=latest
- name: install linux headers (necessary on older cloud kernels (fuck u digitalocean))
# the kernel version is hard coded because this is what DO currently uses
# and that's what i use
apt: name=linux-headers-4.19.0-6-cloud-amd64
- name: install misc other things the internet says i need
apt: name=build-essential
- name: install misc other things the internet says i need
apt: name=dkms
- name: needed for handling dns requests
apt: name=openresolv
- name: enable kernel relay/forwarding
shell: |
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.proxy_arp = 1" >> /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.200.219.0/24 -o eth0 -j MASQUERADE
- name: ensure /etc/wireguard/ exists
file:
path: /etc/wireguard/
state: directory
- name: Generate keys
shell: |
printf "[Interface]\nPrivateKey = " > /etc/wireguard/wg0.conf
wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
vars:
umask: "077"
- name: register publickey for later use
shell: cat /etc/wireguard/publickey
register: server_publickey

25
deployments/serverBuild/wg_vpn/tasks/pretasks_mac.yml Normal file
View File

@ -0,0 +1,25 @@
- hosts: local
gather_facts: false
tasks:
- name: Update brew
homebrew: update_homebrew=yes
- name: install wireguard
homebrew: name=wireguard-tools state=latest
- name: make wg dir since macs are now weird about /etc/anything
file:
path: ~/wireguard/
state: directory
- name: Generate keys
shell: |
printf "[Interface]\nPrivateKey = " > ~/wireguard/wg0.conf
wg genkey | tee -a /etc/wireguard/wg0.conf | wg pubkey > /etc/wireguard/publickey
vars:
umask: "077"
- name: register publickey for later use
shell: cat ~/wireguard/publickey
register: macos_publickey